# Ansible Role: samba_ad_dc

Ansible role to **install**, **provision**, and optionally **remove** a Samba Active Directory Domain Controller (AD DC) on **Debian-based systems** (e.g., Debian, Ubuntu).

---

## ✅ Features

- Installs and configures Samba as an AD Domain Controller
- Uses `samba-tool` to provision the domain
- Idempotent: won't re-provision if already set up
- Reversible: set `samba_ad_dc_state: absent` to cleanly remove Samba AD DC
- Sets up `/etc/hosts` and DNS resolver
- Separate Kerberos configuration
- Logging of provisioning
- Molecule tests included for both `present` and `absent` states

---

## 📦 Role Variables

### Main Variables

| Variable               | Description                                 | Default                   |
|------------------------|---------------------------------------------|---------------------------|
| `samba_ad_dc_state`    | `present` to install, `absent` to remove    | `present`                 |
| `samba_realm`          | Kerberos realm (e.g., `EXAMPLE.COM`)        | `EXAMPLE.COM`             |
| `samba_domain`         | NetBIOS domain name (e.g., `EXAMPLE`)       | `EXAMPLE`                 |
| `samba_admin_password` | Admin password for the domain               | `StrongAdminPassword123!` |
| `samba_dns_backend`    | DNS backend (`SAMBA_INTERNAL`, `BIND9_DLZ`) | `SAMBA_INTERNAL`          |
| `samba_hostname`       | Hostname for the server                     | `inventory_hostname`      |

---

## 🧰 Example Playbook

```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_realm: "CORP.EXAMPLE.COM"
        samba_domain: "CORP"
        samba_admin_password: "SuperSecretPassw0rd!"
```

### ❌ Remove Samba AD DC

```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_ad_dc_state: absent
```

---

## 📁 Included Tasks

- `install.yml`: Installs and provisions Samba AD
- `remove.yml`: Stops and removes Samba AD
- `kerberos.yml`: Configures Kerberos (`/etc/krb5.conf`)
- `verify.yml`: Validates the installation (`samba-tool`, `kinit`)
- `dns_hosts.yml`: Ensures `/etc/hosts` and DNS resolvers are set
- `logging.yml`: Logs provisioning output

## 📄 Templates

- `smb.conf.j2`: Samba configuration
- `krb5.conf.j2`: Kerberos configuration

---

## 🔒 Security Notes

- Passwords should be stored in Ansible Vault for production.
- DNS and Kerberos configuration assumes internal AD DNS; adjust for external resolvers if needed.

---

## 🧩 Compatibility

- OS: Debian 10/11/12+, Ubuntu 20.04/22.04+
- Ansible: 2.9+
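
Following the Security Notes recommendation to keep passwords in Ansible Vault, the playbook below is an added example (not part of this role) that reads the admin password from a vault-encrypted file and refuses to provision if it is missing or equal to one of the passwords printed in this README. The file names `site.yml` and `vars/vault.yml` and the variables `vault_samba_admin_password` and `documented_passwords` are assumptions chosen for illustration.

```yaml
# Added example, not shipped with the role.
# Assumed names: site.yml, vars/vault.yml, vault_samba_admin_password,
# documented_passwords.
#
# Create the encrypted vars file first:
#   ansible-vault create vars/vault.yml
# and define vault_samba_admin_password inside it. Then run:
#   ansible-playbook site.yml --ask-vault-pass
- hosts: samba
  become: true
  vars_files:
    - vars/vault.yml   # encrypted at rest; holds vault_samba_admin_password
  vars:
    samba_realm: "CORP.EXAMPLE.COM"
    samba_domain: "CORP"
    # The role variable only references the vaulted value, so the
    # plaintext never appears in the playbook or in version control.
    samba_admin_password: "{{ vault_samba_admin_password }}"
    # Passwords that are published in this README (role default and
    # example playbook). They must never be used for a real domain.
    documented_passwords:
      - "StrongAdminPassword123!"
      - "SuperSecretPassw0rd!"
  pre_tasks:
    - name: Refuse to provision with a missing or documented password
      assert:
        that:
          # Checked in order; the first failing condition stops the play.
          - vault_samba_admin_password is defined
          - samba_admin_password | length > 0
          - samba_admin_password not in documented_passwords
        fail_msg: >-
          Set vault_samba_admin_password in vars/vault.yml to a unique
          value before provisioning the domain controller.
        quiet: true
  roles:
    - role: samba_ad_dc
```

The `assert` task reports only which condition failed, not the value of the variable, so the password is not written to the play output by this check.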